Top 5 dangers, hacks, leaks and attacks – May 2017


Blog by: Joakim Wahlgren, Security Analyst SecureLink

Recommendation and information

Every month our Cyber Defense Center keeps you informed about the most recent dangers, hacks, leaks and attacks. Make sure to stay up-to-date and visit our security blog regularly. If you have any questions, please don’t hesitate to contact us!

Top 5 dangers

1. ‘Second wave’ of massive global cyber attack expected. Microsoft patched the SMB exploit used in WannaCry but did not patch the other three NSA hacking tools leaked by the Shadow Brokers, named “EnglishmanDentist”, “EsteemAudit” and “ExplodingCan”. Only Windows Server 2003 and Windows XP machines are vulnerable. 18 percent of the global market share still uses Windows Server 2003 (+ 600.000 web-facing computers) source: 25 May 2017

On our website, you’ll find our recommendations / advice to protect yourself against WannaCry.

2. Beware! A vulnerability found in subtitles is being used to execute malicious code that gives full control of your system source: 23 May 2017

VLC, Kodi, PopcornTime and Stremio are vulnerable to this attack. VLC and PopcornTime have patched the flaw; make sure to upgrade to the latest version. Kodi and Stremio are still working on a patch. Make sure to disable subtitles temporarily on Kodi and Stremio!

3. RoughTed malvertising campaign is using smart fingerprinting and ad-blocking evasion techniques source: 25 May 2017

At the beginning of 2017 RiskIQ released its “2016 Malvertising Report”: the volume of attacks involving malware-infected advertisements increased by 132 percent in 2016 compared to the previous year. Most of us use an ad-blocker nowadays to keep malicious advertising away from our machines, so crooks are looking for ways to bypass ad-blockers. The RoughTed malvertising campaign uses smart fingerprinting (redirecting) and ad-blocking evasion techniques that make our ad-blockers useless.

The RoughTed malvertising campaign has now been active for over a year, has infected over half a billion domains so far and is growing rapidly. It is responsible for spreading a dark cornucopia of threats encompassing scams, rogue browser extensions and exploit kits like Neutrino, RIG, Magnitude and more.

4. The RedLock Cloud Security Intelligence (CSI) team shows an endemic lack of cloud infrastructure security best practices source: 26 May 2017

The report discloses findings such as poorly configured databases without encryption that were accessible over the internet, security groups that allowed inbound SSH connections, and multifactor authentication not being enabled for privileged accounts. Other notable security gaps mentioned were outbound unencrypted traffic on standard ports, dormant accounts with credentials still enabled, and access keys that had not been rotated in 90 days.
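The findings above are the kind of thing an account audit can catch mechanically. The following is an added example, not part of the original post or RedLock's tooling: it runs the checks for missing MFA, keys not rotated in 90 days, dormant passwords and SSH open to the internet over a constructed IAM credential report (the column layout mirrors the leading columns of the real AWS report) and a constructed, simplified security-group rule list; the 0.0.0.0/0 interpretation of "inbound SSH" and the 90-day dormancy threshold are this example's assumptions.

```python
# Added example: audit checks for the weak settings named in the RedLock findings
# (keys not rotated in 90 days, no MFA, dormant credentials, SSH open to the world).
# Input mirrors the leading columns of an AWS IAM credential report; all data is constructed.
import csv
import io
from datetime import datetime, timedelta, timezone

NOW = datetime(2017, 5, 26, tzinfo=timezone.utc)  # fixed "today" so results are reproducible
MAX_AGE = timedelta(days=90)  # threshold used for both key rotation and dormancy (assumption)

CREDENTIAL_REPORT = """user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date
alice,arn:aws:iam::111111111111:user/alice,2016-01-10T09:00:00+00:00,true,2017-05-25T08:12:00+00:00,2017-03-01T00:00:00+00:00,N/A,true,true,2017-04-01T00:00:00+00:00,2017-05-25T08:00:00+00:00
bob,arn:aws:iam::111111111111:user/bob,2015-06-01T09:00:00+00:00,true,2016-11-02T10:00:00+00:00,2016-11-02T10:00:00+00:00,N/A,false,true,2016-05-01T00:00:00+00:00,N/A
deploy,arn:aws:iam::111111111111:user/deploy,2016-09-01T09:00:00+00:00,false,N/A,N/A,N/A,false,true,2017-05-01T00:00:00+00:00,2017-05-26T01:00:00+00:00
"""

# Simplified ingress rules (constructed): one dict per rule, not the raw API shape.
SG_RULES = [
    {"group": "sg-web", "proto": "tcp", "from": 443, "to": 443, "cidr": "0.0.0.0/0"},
    {"group": "sg-bastion", "proto": "tcp", "from": 22, "to": 22, "cidr": "0.0.0.0/0"},
    {"group": "sg-db", "proto": "tcp", "from": 22, "to": 22, "cidr": "10.0.0.0/8"},
]


def _ts(value):
    """Parse a report timestamp; the report uses N/A or no_information when absent."""
    return None if value in ("N/A", "no_information", "") else datetime.fromisoformat(value)


def audit_credentials(report_csv, now=NOW):
    """Return sorted (user, finding) pairs for the misconfigurations the report describes."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user, console = row["user"], row["password_enabled"] == "true"
        if console and row["mfa_active"] != "true":
            findings.append((user, "console access without MFA"))
        rotated = _ts(row["access_key_1_last_rotated"])
        if row["access_key_1_active"] == "true" and rotated and now - rotated > MAX_AGE:
            findings.append((user, "access key older than 90 days"))
        last_used = _ts(row["password_last_used"])
        if console and (last_used is None or now - last_used > MAX_AGE):
            findings.append((user, "dormant password still enabled"))
    return sorted(findings)


def open_ssh_groups(rules):
    """Names of groups with a TCP rule covering port 22 from any IPv4/IPv6 address."""
    return [r["group"] for r in rules
            if r["proto"] == "tcp" and r["from"] <= 22 <= r["to"] and r["cidr"] in ("0.0.0.0/0", "::/0")]
```

With the constructed data only `bob` is flagged (three findings) and only `sg-bastion` exposes SSH; `deploy` has no console password, so the MFA and dormancy checks do not apply to it.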

5. A seven-year-old remote code execution vulnerability affecting Samba versions 3.5.0 and higher was recently published (CVE-2017-7494). The vulnerability is described as a WannaCry equivalent for Linux, as it affects the SMB protocol implementation on Linux and is potentially wormable.

Users are advised to patch Linux systems with the latest Samba updates and make sure Samba-enabled hosts are not accessible over the internet source: 26 May 2017

Top 5 recent hacks, leaks and attacks

1. Some 17 million users are said to have been affected after restaurant search platform Zomato was breached this week source: 19 May 2017

As a result of the breach, user IDs, names, usernames, email addresses and salted password hashes were compromised. The hacker behind the breach aimed to make Zomato aware of the security vulnerabilities in its search platform and to have it introduce a bug bounty program for security researchers, which Zomato acknowledged and is now working to implement. According to the unidentified hacker, all of the sensitive compromised data was destroyed, and Zomato proceeded by resetting all of its users’ passwords.

2. Hackers are holding Disney for ransom, threatening to release a high-quality version of the “Pirates of The Caribbean: Dead Men Tell No Tales” movie on torrents unless they’re paid a huge sum of money in Bitcoin source: 17 May 2017

3. The world’s largest biometric ID system is in trouble after a new report revealed up to 135 million Indian citizens have had their unique identifiers publicly exposed by government agencies source: 03 May 2017

“The Aadhaar project involves a unique 12-digit identity number which is linked to each person’s demographic as well as biometric data; fingerprints, iris scans and a mugshot are stored on a centralized database”

Privacy concerns around the Aadhaar project have been a hot topic since its launch back in 2009, and the public disclosure of Aadhaar numbers along with personally identifiable information (PII) creates a ripe opportunity for financial fraud. This is yet another example of how important it is to have a mature cyber security program in place when handling sensitive information.

4. Scammers are increasingly abusing consumer awareness of sites that encrypt data sent over the internet using HTTPS, particularly through a spike in phishing attacks that hope to win the confidence of victims by using the protocol on spoofed sites source: 26 May 2017

5. The Anti Public Combo List (tool) with billions of accounts has been leaked. It is advisable to check your e-mail addresses on the Have I Been Pwned page source: 26 May 2017


31 May 2017
SecureLink Netherlands